Not all VPNs protect you from the Snooper’s Charter. These will.

The UK’s Investigatory Powers Bill, colloquially known as the “Snooper’s Charter”, has completed its parliamentary procedure and is set to become law before the end of this year.

It’s now up to Brits to take their privacy into their own hands. The best means of fighting against the Snooper’s Charter is to employ a VPN. Short for virtual private network, a VPN encrypts the internet traffic traveling to and from a device and then routes it through an intermediary server in a location of the user’s choosing.

ISPs and the government cannot see the final destination of a VPN user’s web traffic, only that their data is being sent to a remote server. The contents are hidden as well thanks to encryption.

But even that might not be enough to prevent British authorities from monitoring your online activity. The VPN should also be logless, meaning it stores no record of user activity, their IP address, or any other identifying information. British users should also avoid VPNs based in the UK, as they will be susceptible to government demands for information.

Finally, even though the traffic is encrypted and its destination is hidden, an ISP could still detect whether a VPN is being used. This might not be an issue, but if it is, then a VPN with some sort of obfuscation feature is necessary. Obfuscation, with regard to VPNs, means the encrypted traffic is “obscured” to look like normal, unencrypted traffic.

To make the search for a suitable VPN easier, we’ve compiled a list of the best VPNs to thwart the Snooper’s Charter. It’s based on the following criteria:

No logs containing identifying information are stored on company servers

ExpressVPN is based in the British Virgin Islands, outside the jurisdiction of UK law. By default, all connections are established using a 256-bit encrypted OpenVPN protocol, which is as strong as it gets. ExpressVPN logs some diagnostic information, but not any activity or identifying information. The diagnostic information includes dates (not times), choice of server location, and the total amount of data transferred per day. It does not log the contents of internet traffic or users’ IP addresses. DNS leak protection can be toggled on in the settings. ExpressVPN is also great for unblocking US Netflix and Hulu, and it allows torrenting. No obfuscation features are included.

NordVPN offers some powerful security and anonymity features for those who feel a normal VPN just isn’t good enough. That includes a “double hop” VPN, which feeds traffic through two VPN servers, and Tor over VPN, which directs traffic through the Tor Network after exiting the VPN server. OpenVPN encrypted with a 256-bit algorithm uses 2,048-bit SSL keys. NordVPN boasts a true zero-logs policy, meaning it stores absolutely no information about individual connections. The provider is based in Panama, beyond the scope of UK laws. NordVPN supports an obfuscation tool called Obfsproxy, but it must be set up manually with a third-party app.

Despite being far from intuitive to use and offering a poor user experience, AirVPN is the cream of the crop when it comes to security features on a VPN app. OpenVPN over SSH and SSL are both supported. A kill switch, DNS leak protection, DNS routing, and port forwarding are built-in options. AirVPN only uses the OpenVPN protocol, which is 256-bit encrypted. No traffic or connection logs are recorded. AirVPN is based in Italy, so while subject to some EU regulations, it is not in the jurisdiction of the Snooper’s Charter.

IPVanish leverages 256-bit AES encryption, and most servers support our preferred OpenVPN protocol. The company does not log any personally identifiable information. The Windows and Mac apps allow users to specify how often their IP address changes for greater anonymity. A “scramble” feature disguises packets to make them look normal and unencrypted so ISPs will have a hard time detecting that the VPN is being used. The company is based in the United States, which might put off some users wary of the NSA and FBI. The Snooper’s Charter does not put US companies under any obligation to divulge information, though.

LiquidVPN allows users to choose from three “topologies”, or types of IP addresses: private static IP, shared dynamic IP, or modulating IP. The modulating option changes your IP address every time you connect to a different web server, making it extremely difficult to trace. Connections use 256-bit encryption and the OpenVPN protocol. The Liquid Lock feature functions as a kill switch while also preventing DNS and WebRTC leaks. Users can select from 10 different ports to use, and LiquidVPN is one of the few providers to use perfect forward secrecy. Like IPVanish, the company is based in the United States, but LiquidVPN maintains a warrant canary on its website. LiquidVPN doesn’t store any identifying info, but it does record the last VPN you logged into, the total number of logins, and bandwidth used.

StrongVPN doesn’t support OpenVPN on all servers, but it supports 256-bit encryption on those that do. A kill switch prevents unencrypted traffic from leaking to your ISP should the connection drop. The scramble feature obfuscates traffic to avoid detection as a VPN. The port list can be edited to allow or disallow traffic to and from specific apps. The service is completely logless. All IP addresses are dynamic and shared, making it difficult to trace any activity to an individual user.

VPNs to avoid

HideMyAss

HMA, a VPN provider based in the UK, has gotten into hot water in the past for divulging customer information that led to the arrest of one of its users, a member of hacking collective LulzSec.

Free VPNs

In general, don’t use free VPNs. They often mine your data, sell that data to advertisers, and then inject ads into your browser. Furthermore, most cap data and bandwidth. If you must use a free VPN, check out our list of the more reputable options.

What is the Investigatory Powers Bill?

The bill, criticized by both privacy and human rights advocates, imposes new regulations on British internet service providers and expands the authority of British intelligence agencies. Advocates argue the bill is necessary to fight terrorism.

The Snooper’s Charter consists of five key components:

ISPs must keep a record of every subscriber’s web history for up to 12 months, data that is accessible to several government agencies

GCHQ can utilize bulk data collection on the personal assets of people not accused of wrongdoing, but whose data was gathered from the large number of devices in a targeted area

Companies must decrypt data on demand

Companies must notify the government before new security features are launched

Intelligence agencies like GCHQ may hack into the devices of citizens

No matter how the bill is justified, it will undermine the right to privacy for British citizens. Even if the new regulations have good intentions, no one can guarantee a hacker won’t gain access to ISP records or the collected bulk data. Just a single person with access to that data could steal and/or abuse it on a whim.

Do UK citizens support the Snooper’s Charter?

In a survey of 1,000 Brits commissioned by Comparitech in August, 60 percent of respondents said the government should be able to monitor mass communications. Nearly half agreed that national security is more important than individual rights. Only one in five completely disagreed with the practice.

Terrorism and criminal activity were the two most oft-cited scenarios in which the government should be allowed to exercise such powers, the survey takers said. Nearly half of respondents said they think the government snoops on their data, while nearly 40 percent said they don’t know.

Two months after that survey was conducted, Comparitech commissioned a second survey. This one came just after the Investigatory Powers Tribunal ruled bulk data collection by UK Government agencies GCHQ and MI5 over a 17-year period to be illegal. Survey takers were asked similar questions.

Now knowing that the government collected their data illegally, the disposition of respondents dramatically shifted. 70 percent thought the UK government should delete all personal data it has acquired through illegal means. Only 23 percent supported bulk data collection, down from 60 percent in the previous survey.

Now that the Investigatory Powers Bill legalizes the same sorts of data collection, will the tide turn yet again in its favor?

Why not just use Tor?

You can absolutely use Tor in lieu of a VPN to encrypt and anonymize your online activity. Tor is a free and excellent resource.

But Tor has some limitations. Using Tor, even for innocuous purposes, is enough to draw attention from ISPs and law enforcement. Tor is often used to engage in criminal activity, so even connecting to the Tor network can draw attention.

Tor is also slow. It’s run by a network of volunteer nodes around the world. Streaming video or downloading torrents will be a tedious endeavor and put undue strain on the Tor network.

Finally, Tor doesn’t work with all web pages and apps. Some sites might block connections from Tor exit nodes.

Tor might be sufficient for some people, but a VPN overcomes all of these problems. You can always combine the two as well: connect to a VPN and use the Tor browser to access the web.

6 thoughts on “Not all VPNs protect you from the Snooper’s Charter. These will.”

Your top two recommendations (ExpressVPN and NordVPN) don’t even support IPv6, and will therefore potentially leak your true IPv6 address (as they both admit). There’s even a paper published on this topic here: https://vpntesting.info So you definitely need to add a HUGE caveat to your claim that these sub-standard VPNs that you recommend will protect people (but I would say that’s flat out false information).

Pretty much no commercial VPN provider supports IPv6 DNS servers. Most of them just block IPv6 altogether and route all requests through IPv4. If you’re worried about IPv6 leaks then just disable IPv6 on your device.

That is quite a good idea, though AWS and DO will both ban you for torrenting, and respond to requests for data. If the government continues down this path, VPNs that respect your privacy will be illegal in 10 years or so and will start getting blocked. The only long term way of restoring our internet freedom is through political action. A couple of redditors https://gitter.im/Digital-Rights-Trust/Lobby